Security researchers at an antivirus company have documented another potentially serious security hole in an Intel product, this time in the mechanism for performing system updates. The good news, however, is that it is limited to desktops, is a configuration error, and does not appear to impact servers.Last June, researchers at F-Secure found a flaw in Intel’s Active Management Technology (AMT), a feature used to perform remote updates to advanced desktops using Intel vPro or workstation platforms using Core desktop chips and certain Xeon CPUs. Xeon is primarily a server processor but there are some low-end chips used in high-performance workstations, such as those used in a CAD environment.To read this article in full, please click here
Host Steve Ragan talks with Stan Engelbrecht, director of the cybersecurity practice at D3 Security, about the inherent flaws in security defenses for public transportation systems -- and what can be done.
The Consumer Electronics Show (CES) is an odd place to announce an enterprise product, but the Wi-Fi Alliance used the massive trade show — which has more or less taken over where Comdex left off — to announce a major upgrade to Wi-Fi security.The alliance announced the Wi-Fi Protected Access 3 (WPA3), a new standard of Wi-Fi security that greatly increases the security capabilities of the wireless standard. WPA2, which is the current standard in wireless security, has been around for 14 years, so this is way overdue.To read this article in full, please click here
As we swerve onto the runway in 2018, IT leaders are finding themselves under increased pressure to ensure security, high availability and disaster recovery for the applications and systems under their care. The results of several surveys underscore the concerns of nearly 6,000 IT professionals around the globe.These surveys, conducted in 2017 by Vision Solutions, now part of Syncsort, collected responses from 5,632 professionals to determine their key business continuity concerns and their strategies for addressing high-profile hacking attacks, data breaches, disruptive natural disasters and escalating storage and data accessibility needs. The results highlight their areas of greatest concern and the key initiatives they are putting into place for moving forward.To read this article in full, please click here
As we swerve onto the runway in 2018, IT leaders are finding themselves under increased pressure to ensure security, high availability and disaster recovery for the applications and systems under their care. The results of several surveys underscore the concerns of nearly 6,000 IT professionals around the globe.These surveys, conducted in 2017 by Vision Solutions, now part of Syncsort, collected responses from 5,632 professionals to determine their key business continuity concerns and their strategies for addressing high-profile hacking attacks, data breaches, disruptive natural disasters, and escalating storage and data accessibility needs. The results highlight their areas of greatest concern and the key initiatives they are putting into place for moving forward.To read this article in full, please click here
Researchers have discovered several vulnerabilities in Dell EMC's data protection products that would allow an attacker to gain full control of the system. Fortunately, a fix is available now for download.The vulnerabilities, three in all, were disclosed on Jan. 4 by the security technology and services firm Digital Defense. They effect Dell EMC's Avamar Server, NetWorker Virtual Edition, and Integrated Data Protection Appliance, which use a common component called Avamar Installation Manager. This is the problematic app.In addition to this, a related problem in the VMware vSphere Data Protection backup product has also been uncovered, but it has already been patched.To read this article in full, please click here
Cisco’s Encrypted Traffic Analytics (ETA), a software platform that monitors network packet metadata to detect malicious traffic, even if its encrypted, is now generally available.The company initially launched ETA in June, 2017 during the launch of its intent-based network strategy and it’s been in a private preview since then. Today Cisco rolled ETA out beyond just the enterprises switches it was originally designed for and made it available on current and previous generation data center network hardware too.+MORE AT NETWORK WORLD: What is intent based networking? | Why intent based networking could be a big deal +To read this article in full, please click here
As the chip vendors wrestle to get their arms around the Meltdown and Spectre vulnerabilities, we’re slowly determining the exposure of AMD and ARM to the exploit. Intel, unfortunately, is totally vulnerable. With AMD and ARM, though, it gets complicated.First, let’s go over the Spectre exploit, which is a second class of attacks similar to Meltdown, the one we all know. Like Meltdown, Spectre exploits speculative execution in order to root out information from a CPU’s cache. Spectre is different because of how it runs.Also read: Meltdown and Spectre exploits: Cutting through the FUD
While Meltdown is based on a specific implementation of speculative execution, Spectre exploits a risk to speculative execution that requires more work to exploit but is also considered harder to mitigate. Because it’s more obscure and arcane, it’s not as well understood. That’s why Meltdown is considered the bigger risk.To read this article in full, please click here
As the fallout continues over the Meltdown and Spectre exploits in Intel and now some ARM processors, the issue of what to do about it is coming front and center. Clearly there is no fixing a silicon problem; Intel will have to adjust future chips to deal with it. So, for now, we have the software fixes.Linux distros are rolling out fixes, and Microsoft has issue patches for Windows — although the threat to consumers is minimal. Apple has also issued a macOS fix.To read this article in full, please click here
There is lots of information circulating about the new exploits of computer chips from Intel and others announced in the past few days. Some of it has been accurate, and some has been sensationalist and overblown. There is much technical information with high level of details available for both Meltdown and Spectre, so I won’t get into a lot of technical detail here. Rather, I’ll focus on the higher-level issues affecting business and personal computer users.+RELATED: Intel’s processor flaw is a virtualization nightmare; Red Hat responds to the Intel processor flaw+To read this article in full, please click here
Carbon Monoxide is odorless, tasteless and invisible, and it accounts for over 72,000 cases of poisoning each year. Kidde calls their C3010D model "worry free" because its sensor and sealed battery provide 10 years of uninterrupted CO detection, and a digital display that updates every 15 seconds. The unit will chirp when its reaching the ends of its life, so you don't have to wonder. The Kidde C3010D alarm is currently discounted 32% to $34.91. See this deal now on Amazon.To read this article in full, please click here
Managing networks has become increasingly complex, and it will remain a challenge as the use of Internet of Things devices continues to grow. This complexity makes it difficult to reconfigure a traditional network in a timely manner to respond to malicious events or fix configuration errors.A software-defined network (SDN) can help by giving network engineers the flexibility to dynamically change the behavior of a network on a node-by-node basis — something not typically available in a traditional network. An SDN uses virtualization to simplify the management of network resources and offers a solution for increased capacity without significantly increasing costs.To read this article in full, please click here
It’s no secret that the rise of the Internet of Things (IoT) presents massive new security challenges. Heck, I’ve written about the issue here more than once. But one company claims that enterprise IoT also shows promise for addressing key security issues.Also on Network World: Is the U.S. finally about to take IoT security seriously? and The time to deal with IoT security is now
Tim Lang, CTO at BI and data analytics firm MicroStrategy, notes that 70 percent of security breaches come from the inside, and he says Enterprise Internet of Things (EIoT) can help enterprises “monitor and prevent these breaches before they happen.” To read this article in full, please click here
NordVPN promises a private and fast path through the public internet, with no logs and unmetered access for 6 simultaneous devices. They are currently running a holiday promotion, but you'll have to use this link to find it. Its typical price has been discounted to $99 for 3 years of service. That's a good deal at just $2.75 per month. See the $2.75/month NordVPN holiday deal here.
To read this article in full, please click here
In most cases, I try to turn a skeptical eye on hyperbole. So when a cybersecurity expert tells me that IoT security is a “ticking time bomb,” my initial reaction is not to worry about an upcoming “security apocalypse.”But I am already worried about security in the Internet of Things. So, I took the opportunity to ask Srini Vemula, global product management leader and security expert at SenecaGlobal, what’s really at risk as we hurtle toward 2020 and an estimated 20.4 billion connected devices.To read this article in full, please click here
An APC UPS provides backup power power and surge protection to power and protect your PC or Mac, network router, gaming consoles like Xbox and PS4, AV and other business electronics from the dangers of power surges, spikes, lightning and power outages. By powering your critical electronics with a backup battery during blackouts, you ensure personal and professional connectivity when it matters most. Improvements in efficiency, size and surge protection come at an affordable price, making the Back-UPS Pro mini-tower battery backup UPS models a perfect solution for your power protection needs. Right now the Back-UPS Pro from APC averages 4.7 out of 5 stars on Amazon, where its typical list price of $170 is discounted 30% to $119. See this deal now on Amazon.To read this article in full, please click here
Executives at cloud services vendor Akamai -- David Lewis, global security advocate; Andy Ellis, CSO; and Charlie Gero, CTO -- talk with host Steve Ragan about the evolving role of security in the enterprise.
The reality for security teams today is that they are facing challenges on multiple fronts. The number of security breaches is increasing, which means the number of security alerts to be examined each day is increasing. The attacks are becoming more sophisticated and multi-dimensional. The number of cybersecurity solutions available continues to grow, which requires time and effort to understand. The amount of data in the network is snowballing, which means the cybersecurity infrastructure needs to be constantly updated to keep up. What’s worse is that all this is happening in the midst of new networking paradigms related to cloud, virtualization and software-defined data centers.To read this article in full, please click here